Protection course (part 4) - XSS

HOW AND WHY?


XSS is short for cross-site scripting. With this kind of vulnerability an attacker can fairly easily get your passwords, email, cookies and other personal data stored on your server, and more. XSS vulnerabilities are mostly possible because of unfiltered inputs on your website. In a way, you can say the attacker is running whatever JavaScript they want on your website. They can enter it wherever an unfiltered input exists: for example, in the search box of your website, in the login boxes, in the shoutbox on your forum, and more. To explain how things really work, I will show you an example of a simple XSS.

THE ATTACK


Now let's assume that you have a search form on your website and you search for something like „website protection“. The code will look like this:
<form action="search.php" method="get">
<input type="text" name="search" />
<input type="submit" value="Search" />
</form>
<!-- Output printed by the results page: -->
<h3>No results were found for: website protection</h3>
Now what if, instead of „website protection“, I wanted to search for „<script>alert('XSS')</script>“?
Note: the surrounding „ “ quotes are not part of the input.
If I search for that string on a vulnerable search form, an alert box will pop up, which means the code was executed. This works because the results are printed on the screen. That was only a simple type of XSS, and you are probably asking yourself what harm a simple alert box can do to you. Let me explain some more advanced things.

For example, with XSS someone can steal your cookie and log in to your website as you, without knowing your username and password. But you need to execute the code that he set up. You are probably wondering how someone will make you execute that code when it is obviously a script, and all of you pay at least that much attention to your security. This is where so-called social engineering comes in.

Take for example that he wants to steal your cookie for the Facebook website, and he has found an XSS vulnerability that will allow him to collect your cookie with a cookie stealer which he made (it's pretty simple to make one, but I won't explain it here). The attacker also knows that if you see the script you won't click on it and won't execute his code, so he will use services like tinyurl and similar to mask the script in the URL. He will then send you an email or something similar containing text like "New Facebook offer, get free credits here", with his link anchored on the word „here“. In the end, most people will click a link like that without suspecting what is really going on. And what is really going on is that you clicked on a URL with the attacker's JavaScript, which collected your cookie information and redirected you to a website of his choosing. For example, if he wanted your Facebook cookie, he will probably redirect you to the Facebook website after he collects what he needs.

PROTECTION


Protection from this attack mainly consists of filtering all inputs before they are returned to the user. Encode all HTML characters, like "<" to "&lt;", and other characters. To stop cookie stealing, I advise you to use the HttpOnly option when setting cookies. It is a nice little option that tells browsers the cookie may not be used in any scripts, only in HTTP requests. Another thing you should do is disable the HTTP TRACE method in your httpd.conf unless you absolutely need it. It is not good to have it enabled, since it returns diagnostic information along with the cookie value, and that is bad for you. Also, manually check every part of your website that accepts input, using the code above, to see if the vulnerability is still there.
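
The vulnerable search output from the attack section next to its encoded form, plus an HttpOnly cookie, as an added example that is not code from the original article. The function names, the `session_id` cookie name and the sample inputs are assumptions; `search.php` is the article's form target.

```php
<?php
// Added example; function names and the cookie name are assumptions.
// Requires PHP 7.3+ for the options-array form of setcookie().
declare(strict_types=1);

// Vulnerable: the search term goes into the HTML exactly as typed.
function render_results_vulnerable(string $term): string
{
    return '<h3>No results were found for: ' . $term . '</h3>';
}

// Hardened: encode HTML metacharacters at the point of output.
function render_results_safe(string $term): string
{
    $encoded = htmlspecialchars($term, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
    return '<h3>No results were found for: ' . $encoded . '</h3>';
}

// HttpOnly keeps scripts (document.cookie) from reading the cookie.
// 'secure' and 'samesite' go beyond what the article mentions.
function session_cookie_options(): array
{
    return ['path' => '/', 'httponly' => true, 'secure' => true, 'samesite' => 'Lax'];
}

if (PHP_SAPI === 'cli') {
    // Constructed sample inputs, so the difference is visible offline.
    $samples = ['website protection', "<script>alert('XSS')</script>", 'Tom & "Jerry" <3'];
    foreach ($samples as $s) {
        echo "input:      {$s}\n";
        echo 'vulnerable: ' . render_results_vulnerable($s) . "\n";
        echo 'hardened:   ' . render_results_safe($s) . "\n\n";
    }
} else {
    // Web request: set the cookie before any output, then print the encoded term.
    if (!isset($_COOKIE['session_id'])) {
        setcookie('session_id', bin2hex(random_bytes(16)), session_cookie_options());
    }
    header('Content-Type: text/html; charset=UTF-8');
    $term = $_GET['search'] ?? '';
    echo render_results_safe(is_string($term) ? $term : '');
}
// For the TRACE advice, the Apache directive in httpd.conf is: TraceEnable off
```

Running the file with the `php` command-line binary prints each sample input with its unencoded and encoded output side by side.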
